lirantal
commented
11 months ago Thanks for citing this, Thomas. I'm flattered and happy to join any further research on this when and if you plan to expand on it.
Open thomas-chauchefoin-sonarsource opened 11 months ago
lirantal
commented
11 months ago Thanks for citing this, Thomas. I'm flattered and happy to join any further research on this when and if you plan to expand on it.
Based on Liran Tal's research on
kucherenko/blamer. We already know this vector, but we don't document the scenario where positional arguments are also passed to the Git command, making it write something under the attacker's control in the file pointed by--output.Advisory in https://gist.github.com/lirantal/14c3686370a86461f555d3f0703e02f9.